Why Endpoint Security Agents Fail

The agents we rely on to protect our devices are not as reliable as we think.

A recent article related to the ill-fated Boeing 737 Max draws an interesting parallel to endpoint security failure. The author describes how the catastrophic failure of the aircraft was caused, in part, by the way complex subsystems on the plane interacted with one another, a dynamic that is all too familiar on the endpoint.

The complex interactions between software systems are difficult to understand and require thorough testing of every possible scenario. Unfortunately, that testing often happens only once the machine is already deployed.

In Boeing’s case, this led to devastating loss of life. And while the impact from endpoint agent failure is not as dramatic, it can still be damaging to an organization if a vulnerable device falls into the wrong hands.

According to Ponemon, nearly two-thirds of companies have been compromised in the last 12 months by attacks that originated on their endpoints — a 20 percent increase from the previous 12-month period. With statistics like this, organizations can’t afford to become complacent when it comes to endpoint security and control.

“Two-thirds of companies have been compromised in the last 12 months by attacks that originated on their endpoints.” – Ponemon Institute

Security agents fail over time

A recent study by Absolute confirmed that fundamental endpoint security tools — encryption, client management tools, antivirus, antimalware, and so on — fail us regularly. The research studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed — or failed to perform — during that time frame.

Snapshot of endpoint security failure

100% of devices will experience encryption failure within one year.

42% of a device population has encryption failure at any given point in time.

The findings from the report categorically prove that when it comes to endpoint security, we’re not as secure as we think. In fact, more technology on the endpoint is probably increasing your risk rather than mitigating it.

Endpoint complexity is creating risk

Endpoint risk obeys the same law of physics as any complex system: the more components there are, the more likely the system is to move from order to disorder, not by intent but because there are so many more ways of being disorderly than of being orderly.

It stands to reason that the more technology we add to an endpoint, the more complex the machine becomes. The more complex the machine becomes, the greater the likelihood of failure. It’s not that any one security agent is bad, it’s that combined they have interactions that can lead to vulnerabilities if the correct controls are not in place.

Endpoint agents collide

One of the reasons that critical endpoint controls fail is that they are extremely fragile. And with as many as 12 distinct agents layered onto each endpoint, these agents can collide, override one another, or become corrupted. These unsafe interactions among components create dangerous blind spots which make endpoint infrastructures increasingly vulnerable over time. After all, it only takes one vulnerable endpoint to create a chink in your security armor.

The solution is not more technology, but greater resilience

If basic visibility, control, and resilience measures are not in place, adding additional security tools to already bloated devices will only exacerbate the problem. The real issue organizations face is in ensuring that existing security controls remain in place and functioning correctly at all times.
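One way to make "remain in place and functioning correctly at all times" concrete is to check agent health continuously rather than at install time. The following is an added example, not Absolute's product and not the methodology of the study cited above: it runs a drift check over constructed heartbeat telemetry for three hypothetical required controls (encryption, antivirus, client management). It separates the two views the statistics above use (the share of devices failing at one point in time versus the devices that failed at least once in the window) and also flags a control that has quietly stopped reporting, which a simple running/stopped snapshot would miss. All device names, control names and heartbeat records are constructed.

```python
"""
Control-health drift check over constructed endpoint telemetry (added example).

Each record is one daily heartbeat from one agent on one device. A control is
healthy on a day only if it reported RUNNING; STOPPED, or no heartbeat at all
that day, both count as a failure of that control.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical set of controls every device is required to run.
REQUIRED_CONTROLS = ("encryption", "antivirus", "client_mgmt")


@dataclass(frozen=True)
class Heartbeat:
    device_id: str
    day: date
    control: str
    state: str  # "RUNNING" or "STOPPED"


D0 = date(2024, 1, 1)  # first day of the constructed observation window


def day(n):
    """Day n of the window (0-based)."""
    return D0 + timedelta(days=n)


def _beats(dev, control, states):
    """One heartbeat per listed day; None means no heartbeat was sent that day."""
    return [Heartbeat(dev, day(i), control, s) for i, s in enumerate(states) if s is not None]


R, S = "RUNNING", "STOPPED"
# Constructed sample: three devices over four days.
SAMPLE = (
    # dev-a: every control healthy on every day
    _beats("dev-a", "encryption", [R, R, R, R])
    + _beats("dev-a", "antivirus", [R, R, R, R])
    + _beats("dev-a", "client_mgmt", [R, R, R, R])
    # dev-b: encryption agent stopped on day 2, recovered on day 3
    + _beats("dev-b", "encryption", [R, R, S, R])
    + _beats("dev-b", "antivirus", [R, R, R, R])
    + _beats("dev-b", "client_mgmt", [R, R, R, R])
    # dev-c: antivirus agent goes silent after day 1 (no STOPPED event, just no heartbeats)
    + _beats("dev-c", "encryption", [R, R, R, R])
    + _beats("dev-c", "antivirus", [R, R, None, None])
    + _beats("dev-c", "client_mgmt", [R, R, R, R])
)


def devices(records):
    """Every device seen anywhere in the window, so a fully silent device still counts."""
    return sorted({r.device_id for r in records})


def status_on(records, on):
    """device -> control -> state for one day; a control with no heartbeat that day is MISSING."""
    seen = defaultdict(dict)
    for r in records:
        if r.day == on:
            seen[r.device_id][r.control] = r.state
    return {dev: {c: seen[dev].get(c, "MISSING") for c in REQUIRED_CONTROLS} for dev in devices(records)}


def failed_controls(records, on):
    """Devices with at least one required control not RUNNING on `on`, and which controls."""
    out = {}
    for dev, controls in status_on(records, on).items():
        bad = {c for c, state in controls.items() if state != "RUNNING"}
        if bad:
            out[dev] = bad
    return out


def failure_rate(records, on, control):
    """Share of the fleet whose `control` is failing on `on` (the point-in-time view)."""
    status = status_on(records, on)
    failing = sum(1 for s in status.values() if s[control] != "RUNNING")
    return failing / len(status)


def ever_failed(records, control):
    """Devices whose `control` failed on at least one day of the window (the over-time view)."""
    days = sorted({r.day for r in records})
    return {dev for d in days for dev, bad in failed_controls(records, d).items() if control in bad}


def silent_controls(records, as_of, grace_days=1):
    """(device, control, days_since_last_heartbeat) for controls quiet longer than `grace_days`.

    A device that stops reporting never sends a STOPPED event, so staleness has to be
    tracked explicitly; a never-seen control is reported with age None.
    """
    last_seen = {}
    for r in records:
        if r.day <= as_of:
            key = (r.device_id, r.control)
            last_seen[key] = max(last_seen.get(key, r.day), r.day)
    stale = []
    for dev in devices(records):
        for c in REQUIRED_CONTROLS:
            last = last_seen.get((dev, c))
            age = (as_of - last).days if last else None
            if last is None or age > grace_days:
                stale.append((dev, c, age))
    return stale


if __name__ == "__main__":
    for n in range(4):
        print(day(n), "failing:", failed_controls(SAMPLE, day(n)))
    print("encryption failure rate on day 2:", round(failure_rate(SAMPLE, day(2), "encryption"), 2))
    print("devices with any encryption failure:", ever_failed(SAMPLE, "encryption"))
    print("silent controls as of day 3:", silent_controls(SAMPLE, day(3)))
```

Run as a script it prints the per-day failures, the day-2 encryption failure rate and the silent antivirus agent on dev-c. The point of `silent_controls` is the blind spot the article describes: a corrupted or overridden agent usually does not announce that it has stopped, so a monitor that only consumes explicit state changes will keep reporting the last good state indefinitely.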

That’s where Absolute comes in. Absolute’s technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a constant, always-on connection to devices, regardless of user behavior or device performance.

This connection ensures existing controls are always performing as they should. It allows you to maximize your existing technology investments without introducing further complexity to the endpoint.